New_Attack_Surfaces_WiFi_Mesh.pdf
3.2 MB
#WLAN_Security
BlackHat Europe 2021:
"New Attack Surfaces of Wi-Fi Mesh Network".
// CVE-2021-35055, CVE-2021-37566, CVE-2021-37572
@NetPentesters
WSUS Attacks:
Part 1 - Introducing PyWSUS
https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus
Part 2 - CVE-2020-1013 a Windows 10 LPE 1-Day
https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day
Part 3 - NTLM Relaying Attacks
https://www.gosecure.net/blog/2021/11/22/gosecure-investigates-abusing-windows-server-update-services-wsus-to-enable-ntlm-relaying-attacks
#wsus
#NTLM
@NetPentesters
Observing Attacks Against Hundreds
of Exposed Services in Public Clouds
https://unit42.paloaltonetworks.com/exposed-services-public-clouds
#Cloud
@NetPentestets
Unit 42
Observing Attacks Against Hundreds of Exposed Services in Public Clouds
Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them.
1. How to Detect Azure AD Backdoors:
Identity Federation
https://www.inversecos.com/2021/11/how-to-detect-azure-active-directory.html
2. Checks for signature requirements over LDAP
https://github.com/GoSecure/ldap-scanner
#BlueTeam
#Azure
#Ad
#LDAP
@NetPentesters
CVE-2021-21972:
PoC Exploit for vCenter
https://github.com/NS-Sp4ce/CVE-2021-21972
https://github.com/horizon3ai/CVE-2021-21972
Exploits the Wii U's bluetooth stack to gain IOSU
kernel access via bluetooth
https://github.com/GaryOderNichts/bluubomb
#bluetooth
@NetPentesters
1. 0-day vulnerability in TP-Link Wi-Fi 6 devices
https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html?utm_source=feedly&utm_medium=rss&utm_campaign=0-day-tp-link-wi-fi-6
2. TP-Link TL-WR840N EU v5 RCE
(PoC for CVE-2021-41653)
https://k4m1ll0.com/cve-2021-41653.html
#tplink
#ZeroDay
#Vulnerability
#poc
@NetPentesters
Security Affairs
Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices
Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L.
A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
https://imp0rtp3.wordpress.com/2021/11/25/sowat/
#APT31
#Router
#malware
@Netpentesters
Nmap script that searches for probable vulnerabilities based on services discovered in open ports
https://github.com/scmanjarrez/CVEScannerV2
#Nmap
#Script
#Port
#Vulnerability
@NetPentesters
Proxy-Attackchain:
proxylogon, proxyshell, proxyoracle, proxytoken
full chain exploit tool
https://github.com/FDlucifer/Proxy-Attackchain
#tools
#proxy
@NetPentesters
GitHub
GitHub - FDlucifer/Proxy-Attackchain: Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization…
Azure Privilege Escalation via Azure API Permissions Abuse
https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48
#Azure
#privilege
#Api
#microsoft
@NetPentesters
Analysis for CVE-2021-34535 -
RCE vulnerability in Remote Desktop Client
https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control
#vulnerability
#RDP
#RCE
#Analysis
@NetPentesters
Configurable backdoor to bypass antivirus
https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads
#Bypass
#antivirus
#backdoor
@NetPentesters
Airstrike - Automatically grab and crack WPA-2 handshakes with distributed client-server architecture
https://github.com/redcode-lab/AirStrike
#tools
#wpa
#airstrike
@NetPentesters
Cloud service provider security mistakes
https://github.com/SummitRoute/csp_security_mistakes
#Cloud
@NetPentesters
GitHub
GitHub - SummitRoute/csp_security_mistakes: This repo has been replaced by https://www.cloudvulndb.org
MikroTik_vulns.pdf
555.4 KB
Most exploited vulnerabilities of MikroTik devices, 2021.
#Analytics
#Mikrotik
#vulnerability
@NetPentesters
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
#microsoft
#vulnerability
@NetPentesters
CVE-2021-42287
Weaponisation - Active Directory
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
#AD
#cve
@NetPentesters
Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)
https://github.com/ly4k/Pachine
#privilege
#CVE
#Python
#AD
@NetPentesters